Overview

Cybersecurity risks affect companies' financial figures, driving up costs and affecting revenue. Cybercriminal activity has accelerated in recent years, impacting large, well-known companies worldwide and harming their ability to innovate and sustain their business. Attackers look to steal data or take control of critical infrastructure for competitive advantage, financial profit, sabotage and espionage.

To address cybersecurity risks, NIST (National Institute of Standards and Technology) developed Framework Version 1.0 under Executive Order (EO) 13636, "Improving Critical Infrastructure Cybersecurity" (February 2013), according to its new role as updated by the Cybersecurity Enhancement Act of 2014 (CEA). The NIST Framework uses business drivers to guide cybersecurity activities and treats cybersecurity risk as part of a company's risk management process.

The Framework supports companies to:

The Framework is organized in three parts:

NIST CSF Compliance Program

The NIST CSF Compliance Program is designed to answer questions raised by any company that uses the NIST CSF to support compliance with regulatory requirements, risk management initiatives and alignment of IT strategy with organisational goals while evaluating and selecting products to support the NIST CSF components. This Compliance Program provides validated evidence about a product's features and capabilities to support the NIST CSF components.

NIST CSF Compliance Testing and analysis cover several aspects of the product including:
NIST CSF Compliance Testing criteria

NIST CSF Compliance Testing is conducted by trained analysts against the NIST CSF Compliance Program criteria, as well as Compliance Labs' functional and quality assurance requirements. The NIST CSF Compliance Program criteria rely on the intent of the NIST CSF components from the auditors' perspective, companies' needs, and queries from numerous specialists, including affected product vendors, developers, users and industry groups.

The compliance analyst will report the results of each phase of testing in the Reports of Compliance, and will also document the product components submitted by the vendor and the configuration of the product evaluated.

Continuous evaluation process

Compliance Labs has developed the continuous testing process as a fundamental aspect of the NIST CSF Compliance Program. The continuous evaluation process will monitor new compliance requirements and best practices and update testing criteria to drive product compliance effectiveness and quality over the long term.